04-05-2017 05:41 PM - edited 03-08-2019 10:05 AM
Hi,
Good day. Not sure if this is the right place to ask...
I am trying to secure our company network from our guest wifi.
Previously, the guest wifi was plugged into our switch, and now we are thinking of plugging it into the firewall directly.
Does it help in terms of security?
Thanks
04-05-2017 05:54 PM
It depends on exactly how it is set up at the moment.
So, assuming it has its own VLAN/IP subnet, if that VLAN is routed on the same L3 device as your other VLANs and that L3 device is not your firewall, then yes, it is more secure if you route the guest network on the firewall. This doesn't mean you can't use internal switches etc. to get to the firewall, just that the default gateway for guest clients should be an IP assigned to your firewall interface.
There are a few considerations if you do this. Firstly, IP addressing. If the firewall can hand out IPs or your guest clients use static IPs, then no problem, but if you want to use your internal DHCP server (assuming you have one) for everything, then you will need to make sure your firewall can relay the DHCP requests.
Secondly, apart from, potentially, DHCP, do the guest clients need access to anything else on your company network? If not, then fine, but if they do, you would then need to set up access from the firewall, and this can complicate things.
But yes, it should make your setup more secure.
Jon
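The condition described in the reply above (guest VLAN routed on a non-firewall L3 device that also routes other VLANs, and the guest default gateway not being a firewall interface) can be checked against an interface inventory. This is an added example, not part of the original thread; the device names, VLAN IDs, addresses and the `audit_guest_routing` helper are all invented for illustration.

```python
import ipaddress

# Constructed inventory of routed (L3) interfaces. Device names, VLAN IDs
# and addresses are invented for illustration.
BEFORE = [
    {"device": "core-sw1", "role": "l3-switch", "vlan": 10, "ip": "10.0.10.1/24"},
    {"device": "core-sw1", "role": "l3-switch", "vlan": 20, "ip": "10.0.20.1/24"},
    {"device": "core-sw1", "role": "l3-switch", "vlan": 99, "ip": "192.168.99.1/24"},
    {"device": "fw1", "role": "firewall", "vlan": 99, "ip": "192.168.99.254/24"},
]
# Same network after removing the guest interface from the L3 switch.
AFTER = [i for i in BEFORE if not (i["device"] == "core-sw1" and i["vlan"] == 99)]


def audit_guest_routing(interfaces, guest_vlan, guest_gateway):
    """Return findings; an empty list means the guest VLAN is routed only
    on a firewall and guest clients use that firewall as default gateway."""
    findings = []
    gateway = ipaddress.ip_address(guest_gateway)
    gateway_owner = None
    for itf in interfaces:
        if itf["vlan"] != guest_vlan:
            continue
        if ipaddress.ip_interface(itf["ip"]).ip == gateway:
            gateway_owner = itf
        if itf["role"] == "firewall":
            continue
        # A non-firewall device with an address in the guest VLAN can route
        # guest traffic to its other VLANs without any firewall policy,
        # whatever gateway DHCP hands out.
        shared = sorted({i["vlan"] for i in interfaces
                         if i["device"] == itf["device"] and i["vlan"] != guest_vlan})
        if shared:
            findings.append(f"{itf['device']} routes guest VLAN {guest_vlan} "
                            f"together with VLANs {shared}")
    if gateway_owner is None:
        findings.append(f"gateway {gateway} is not on any known guest interface")
    elif gateway_owner["role"] != "firewall":
        findings.append(f"gateway {gateway} is on {gateway_owner['device']}, "
                        "not on a firewall")
    return findings


if __name__ == "__main__":
    for name, inv, gw in (("before", BEFORE, "192.168.99.1"),
                          ("after", AFTER, "192.168.99.254")):
        print(name, audit_guest_routing(inv, 99, gw) or "OK")
```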
04-05-2017 06:51 PM
Thanks.
At the moment, we have two controllers, one for staff and the other for guest. Both go into our L3 switch. The AP will be on an L2 switch.
There are two suggestions now. One is to unplug from the L3 and L2 switches and then assign a switch just for the guest controller and AP.
The second is to take out the guest controller and AP and plug them into the router provided by the ISP. Access from the guest to the staff network will be controlled by the firewall.
04-05-2017 06:52 PM
We are using a Ruckus controller, so it does have its own DHCP function.
04-05-2017 05:56 PM
I should also say the WLAN controller(s) will come into it, but I don't really have any experience with these.
If they are on a separate controller then just connect that to the firewall; if they share a controller you may want to ask this question in the Wireless forums as well.
Jon